Important: cri-tools

Issue Overview: The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack. CVE-2026-32285 gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3...

CVE-2026-34069

CVE-2026-34069 affects the Rust implementation of Nimiq’s PoS consensus (nimiq/core-rs-albatross). In versions 1.2.2 and earlier, an unauthenticated p2p peer can trigger a panic in the RequestMacroChain message handler when the first locator hash on the victim’s main chain is a micro block hash (...

CVE-2026-34069 nimiq-consensus panics via RequestMacroChain micro-block locator

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. In versions 1.2.2 and below, an unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic. Sending a RequestMacroChain message where the...

CVE-2026-32605 Nimiq: Remote crash via off-by-one signer bounds check in proposal buffer

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.numvalidators...

CVE-2026-31420

A flaw was found in the Linux kernel's bridge subsystem, specifically within the Multiple Registration Protocol MRP implementation. A local user can exploit this vulnerability by supplying a zero-value test interval through the netlink interface without proper validation. This invalid input cause...

CVE-2026-31424

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the xtables and arptables components. This vulnerability arises when xtmatch and xttarget extensions, registered for unspecified protocol families, are incorrectly processed by the Address Resolution Protocol ARP...

CVE-2026-31415

A flaw was found in the Linux kernel. A local attacker can exploit an integer overflow vulnerability in the ip6datagramsendctl function when processing multiple IPv6 Destination Options DSTOPTS control messages. This issue causes an incorrect calculation of header sizes, leading to a buffer...

nimiq-consensus panics via RequestMacroChain micro-block locator

Impact An unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic by sending a RequestMacroChain message where the first locator hash that is on the victim’s main chain is a micro block hash not a macro block hash. In RequestMacroChain::handle, the handler selects t...

EUVD-2026-22160

nimiq-consensus panics via RequestMacroChain micro-block locator...

GHSA-48M6-486P-9J8P nimiq-consensus panics via RequestMacroChain micro-block locator

Impact An unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic by sending a RequestMacroChain message where the first locator hash that is on the victim’s main chain is a micro block hash not a macro block hash. In RequestMacroChain::handle, the handler selects t...

CVE-2026-31415

In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid overflows in ip6datagramsendctl Yiming Qian reported : I believe I found a locally triggerable kernel bug in the IPv6 sendmsg ancillary-data path that can panic the kernel via skbunderpanic local DoS. The core issue i...

CVE-2026-31420 bridge: mrp: reject zero test interval to avoid OOM panic

In the Linux kernel, the following vulnerability has been resolved: bridge: mrp: reject zero test interval to avoid OOM panic brmrpstarttest and brmrpstartintest accept the user-supplied interval value from netlink without validation. When interval is 0, usecstojiffies0 yields 0, causing the...

CVE-2026-31415

In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid overflows in ip6datagramsendctl Yiming Qian reported : I believe I found a locally triggerable kernel bug in the IPv6 sendmsg ancillary-data path that can panic the kernel via skbunderpanic local DoS. The core issue i...

CVE-2026-40394

A flaw was found in Varnish Cache and Varnish Enterprise. A remote attacker can trigger a denial of service by sending specific amounts of prefetched data during an HTTP/2 session upgrade. This vulnerability, known as a "workspace overflow," occurs when the system attempts to allocate a buffer,...

PT-2026-32563

Name of the Vulnerable Software and Affected Versions nimiq/core-rs-albatross versions prior to 1.3.0 Description An unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic. This occurs when a RequestMacroChain message is sent where the first locator hash on the...

CVE-2026-40396

Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service daemon panic after timeoutlinger. A malicious client could send an HTTP/1 request, wait long enough until the session releases its worker thread timeoutlinger and resume traffic before the session is closed timeoutidle...

DEBIAN-CVE-2026-40394

Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service daemon panic for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is...

UBUNTU-CVE-2026-40394

Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service daemon panic for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is...

UBUNTU-CVE-2026-40396

Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service daemon panic after timeoutlinger. A malicious client could send an HTTP/1 request, wait long enough until the session releases its worker thread timeoutlinger and resume traffic before the session is closed timeoutidle...

CVE-2026-40396

Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service daemon panic after timeoutlinger. A malicious client could send an HTTP/1 request, wait long enough until the session releases its worker thread timeoutlinger and resume traffic before the session is closed timeoutidle...